cvebase

Splunk Enterprise vulnerabilities

149 known vulnerabilities affecting splunk/splunk_enterprise.

Total CVEs: 149
CISA KEV: 1 (actively exploited)
Public exploits: 6
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 45, MEDIUM 95, LOW 7

Vulnerabilities

Page 1 of 8
CVE-2026-20253 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 10.2, < 10.2.4; ≥ 10.0, < 10.0.7 | 2026-06-10
CWE-306: In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file oper
Source: nvd
CVE-2024-36991 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more | 2024-07-01
CWE-35: In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Source: nvd
CVE-2023-46214 | P1 | HIGH | CVSS 8.8 | PoC | ≥ 9.0, < 9.0.7; ≥ 9.1, < 9.1.2 | 2023-11-16
CWE-91: In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
Source: nvd
CVE-2023-32707 | P2 | HIGH | CVSS 8.8 | PoC | ≥ 8.1, < 8.1.14; ≥ 8.2, < 8.2.11; +1 more | 2023-06-01
CWE-285: In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
Source: nvd
CVE-2022-43571 | P2 | HIGH | CVSS 8.8 | PoC | ≥ 8.1, < 8.1.12; ≥ 8.2, < 8.2.9; +1 more | 2022-11-03
CWE-94: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component.
Source: nvd
CVE-2024-36985 | P2 | HIGH | CVSS 8.8 | PoC | ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more | 2024-07-01
CWE-687: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver” application.
Source: nvd
CVE-2026-20251 | P2 | HIGH | CVSS 8.8 | ≥ 10.2, < 10.2.4; ≥ 10.0, < 10.0.7; +2 more | 2026-06-10
CWE-502: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution
Source: nvd
CVE-2025-20229 | P3 | HIGH | CVSS 8.0 | ≥ 9.4, < 9.4.0; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CWE-284: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" dire
Source: nvd
CVE-2024-53247 | P2 | HIGH | CVSS 8.8 | ≥ 9.3, < 9.3.2; ≥ 9.2, < 9.2.4; +1 more | 2024-12-10
CWE-502: In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE).
Source: nvd
CVE-2024-45733 | P3 | HIGH | CVSS 8.8 | ≥ 9.2, < 9.2.3; ≥ 9.1, < 9.1.6 | 2024-10-14
CWE-502: In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
Source: nvd
CVE-2024-36983 | P3 | HIGH | CVSS 8.8 | ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more | 2024-07-01
CWE-77: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From the
Source: nvd
CVE-2022-37437 | P3 | CRITICAL | CVSS 9.8 | v9.0.0 | 2022-08-16
CWE-295: When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to en
Source: nvd
CVE-2024-36984 | P3 | HIGH | CVSS 8.8 | ≥ 9.2, < 9.2.2; ≥ 9.1, < 9.1.5; +1 more | 2024-07-01
CWE-502: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
Source: nvd
CVE-2022-43567 | P3 | HIGH | CVSS 8.8 | ≥ 8.1, < 8.1.12; ≥ 8.2, < 8.2.9; +1 more | 2022-11-04
CWE-502: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
Source: nvd
CVE-2023-40598 | P3 | HIGH | CVSS 8.8 | ≥ 8.2, < 8.2.12; ≥ 9.0, < 9.0.6; +1 more | 2023-08-30
CWE-77: In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform instance.
Source: nvd
CVE-2025-20371 | P3 | HIGH | CVSS 8.8 | ≥ 10.0, < 10.0.1; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CWE-918: In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
Source: nvd
CVE-2023-40595 | P3 | HIGH | CVSS 8.8 | ≥ 8.2, < 8.2.12; ≥ 9.0, < 9.0.6; +1 more | 2023-08-30
CWE-502: In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
Source: nvd
CVE-2023-32708 | P3 | HIGH | CVSS 8.8 | ≥ 8.1, < 8.1.14; ≥ 8.2, < 8.2.11; +1 more | 2023-06-01
CWE-113: In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
Source: nvd
CVE-2026-20252 | P3 | HIGH | CVSS 7.6 | ≥ 10.2, < 10.2.4; ≥ 10.0, < 10.0.7; +2 more | 2026-06-10
CWE-918: In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard S
Source: nvd
CVE-2026-20163 | P3 | HIGH | CVSS 7.2 | ≥ 10.0, < 10.0.4; ≥ 9.4, < 9.4.9; +1 more | 2026-03-11
CWE-77: In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/in
Source: nvd